package cn.xorange.commons.security.handler;


import cn.xorange.commons.security.exception.SecurityErrorCode;
import cn.xorange.commons.utils.http.ServletUtils;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.web.access.AccessDeniedHandler;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * 认证失败处理类 返回未授权  403  （登录后无权限）
 * （用来解决认证过的用户访问无权限资源时的异常   anonymous() 认证后访问 拦截 ）
 * @author yangjian
 */
@Configuration
public class AccessDeniedHandlerImpl implements AccessDeniedHandler {

    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response, AccessDeniedException e) {

        ServletUtils.responseOut(response, SecurityErrorCode.AUTH_TOKEN_FORBIDDEN.getStatus(),
                SecurityErrorCode.AUTH_TOKEN_FORBIDDEN.getCode(),
                SecurityErrorCode.AUTH_TOKEN_FORBIDDEN.getMsg(), null);

    }
}
